Il giorno Tue, 11 Apr 2017 05:28:29 +0200
marc <marcxdv@???> ha scritto:

> > You still should use sudo, with a password - the user's own password.
> > Using root password many times, every day, is bad for security (the more
> > times you type it the higher the chances are it will be captured) and it
> > instills the desire of an easy to remember and fast to type password.
>
>
> What people often overlook is that having a real root password
> is that is possible to press control-alt-F2 and log in as
> root on a text console.

You still have to type the superuser's password, so you gain almost no
more protection.

> To intercept the password in that case typically requires root
> anyway, or some sort of physical access - in either case the
> game is already over.

Having to type the superuser password for tasks that could be configured to
work without is bad; it's only a matter of time before you have to choose
between typing it in an unprotected environment (in an airport,
bus terminal, in an openspace, any place crowded with people, cameras and
microphones) or forgo taking advantage of a basic OS' function when actually
needed.

> This is different to using sudo or su, where a random javascript
> exploit can control firefox which then straces your xterm or
> updates your .bashrc to grab your password the next time you
> type su or sudo.

This is true of whatever you do with your PC and browser. "The only
totally secure PC is a PC with it's power plug pulled off".

Anyway, what is worse, having that jscript capture your system's
superuser password, or your unprivileged user's that is now running firefox?

[...]

> Sudo has its uses, but the practice of using sudo and no root
> password is a convenience (fewer passwords to remember) which
> typically weakens security.

No, it's mostly security: having to type the superuser's password when
easily avoidable exposes the system's most critical password to be
captured. There are many circumstances when typing *any* password is just
crazy, let alone the superuser one. If some privileged task has to be
carried out in an unsecure environment, su is the command to avoid. You
either have sudo (or some other like tool) preconfigured to perform that task
with no password or, at most, with your unprivileged user password. Of
course doing nothing is the most secure option, but if you have a PC I
suppose you have it for a purpose, to run it and take advantage of it's
capabilities.



--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarattha@???
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9